Security News > 2020 > April > Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan
Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat actor in attacks aimed at China and Japan.
Both vulnerabilities were exploited in attacks before patches were released.
A blog post published in February by Chinese cybersecurity firm Qihoo 360 revealed that both security bugs were exploited as part of the same campaign aimed at Chinese government agencies.
Japan's Computer Emergency Response Team Coordination Center has reported seeing attacks on Japanese entities exploiting both CVE-2019-17026 and CVE-2020-0674.
In a blog post published on Thursday, JPCERT said targeted users are taken to a website set up to deliver Firefox or Internet Explorer exploits depending on the victim's browser.
News URL
Related news
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-02 | CVE-2019-17026 | Type Confusion vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. | 8.8 |
2020-02-11 | CVE-2020-0674 | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |